Department of Homeland Security IAIP Directorate Daily Open Source Infrastructure Report for 06 June 2005 Current Nationwide Threat Level is For info click here http://www.dhs.gov/ Daily Highlights • Vnunet reports that in an unusual move phishers have targeted the membership scheme for Hilton Hotels rather than a traditional banking or auction site. (See item 4) • The Washington Post reports a new federal rule requires all businesses and individuals to destroy private consumer information obtained from credit bureaus and other information providers used to determine whether to grant credit, hire employees, or rent an apartment. (See item 7) • CNN reports a Virgin Atlantic flight from London to New York City was diverted to Nova Scotia on Friday, after sending out a hijack signal in what the airline and government officials called a false alarm. (See item 11) DHS/IAIP Update Fast Jump Production Industries: Energy; Chemical Industry and Hazardous Materials; Defense Industrial Base Service Industries: Banking and Finance; Transportation and Border Security; Postal and Shipping Sustenance and Health: Agriculture; Food; Water; Public Health Federal and State: Government; Emergency Services IT and Cyber: Information Technology and Telecommunications; Internet Alert Dashboard Other: Commercial Facilities/Real Estate, Monument &Icons; General; DHS/IAIP Products &Contact Information Energy Sector Current Electricity Sector Threat Alert Levels: Physical: Elevated, Cyber: Elevated Scale: LOW, GUARDED, ELEVATED, HIGH, SEVERE [Source: ISAC for the Electricity Sector (ES−ISAC) − http://esisac.com] 1. June 03, MSNBC — Transmission bottlenecks create vulnerability to blackouts. California and federal energy officials repeated warnings Thursday, June 2, that the electricity system in southern California will be put to the test this summer, especially with long−range forecasts calling for hotter−than−normal temperatures. While most of the rest of the country should have adequate supplies, ongoing transmission bottlenecks continue to leave some regions of the U.S. 1 vulnerable to blackouts or sharp rate increases. Nationwide, demand for electricity is expected to rise by nearly six percent this summer, but generating capacity has kept up. So, most parts of the country will be okay. However, the availability of electrical power, and the price paid for it, depends heavily on location. Despite strong investment in new generating capacity in the past few years, the nation’s power grid is still a patchwork of smaller markets based on regional power lines that were never designed to move electricity coast−to−coast. While power generating companies compete to sell power based on market prices set by supply and demand, most transmission lines are still regulated monopolies with a set rate of return, providing owners little financial incentive to invest in expanding capacity. If the capacity of those lines doesn’t keep up with demand, pockets of the country can become overloaded. Source: http://www.msnbc.msn.com/id/8063259/ [Return to top] Chemical Industry and Hazardous Materials Sector Nothing to report. [Return to top] Defense Industrial Base Sector 2. June 03, Reuters — L−3 to buy Titan. Defense contractor L−3 Communications Holdings Inc. on Friday, June 3, said it would buy Titan Corp. for about $2 billion, expanding its reach in defense−intelligence services. The deal is the largest yet by acquisition−hungry L−3, which has grown into one of the leading U.S. defense technology firms with dozens of deals since its formation in 1997. New York−based L−3, which makes secure communications systems, chiefly for the U.S. military, hopes the deal will capitalize on the Pentagon's increased emphasis on networks and information technology. Titan, with 12,000 employees, disseminates top−secret information for the U.S. armed forces and intelligence agencies, which should help L−3 to bid on classified programs it otherwise would have difficulty winning, L−3 Chief Executive Frank Lanza said. “They (Titan) have 5,000 people −− almost half the company −− with special or top−secret clearances,” he said. “That's an asset you can't price because it takes about two years to get somebody cleared.” Source: http://www.nytimes.com/reuters/business/business−arms−titan. html? [Return to top] Banking and Finance Sector 3. June 04, The Korea Herald — Internet banking system hacked in Korea. Seoul, Korea police on Friday, June 3, sought arrest warrants for two people on charges of hacking into an online banking system and stealing money. The case, the first of its kind in Korea, has caused widespread alarm over the security of popular Internet banking services. The government estimates online banking subscribers totaled 23 million people, about half of the population, as of April. Another two men were booked without detention for allegedly opening a bank account to which the suspects transmitted the money. The investigators said the two high school 2 dropouts withdrew money from a woman's account May 5 using hacking software that is easily available on Internet file−sharing services. One of the two accused posted on Internet community sites a message that carries the hacking software. The software was downloaded onto the victim’s computer without her knowledge when she clicked on the message, police said. The hacking program electronically spies on the user's computer, capturing passwords and security code numbers. Source: http://www.koreaherald.co.kr/SITE/data/html_dir/2005/06/04/2 00506040007.asp 4. June 03, Vnunet (UK) — Hilton customers targeted by phishers. In an unusual move, phishers have targeted the membership scheme for Hilton Hotels rather than a traditional banking or auction site. Professional−looking e−mails have been spammed out over the last few days asking members of the Hilton Honors scheme to re−register their details. Credit card details are also requested by the site, which is hosted in Romania. "It's the first time the Hilton has been targeted," said Mark Murtagh, technical director at Web−filtering company Websense. "People have got wiser about bank phishing and this indicates a new approach. I predict we'll see airlines, car−rental companies and other commercial concerns attacked as phishers look for alternative ways to get bank details." Source: http://www.vnunet.com/vnunet/news/2137481/hilton−customers−t argeted−phishers 5. June 03, Reuters — Technical problems hit another trading exchange. Foreign exchange futures trading on the Chicago Mercantile Exchange's Globex electronic platform was halted on Friday, June 3, after a technical problem affected the system. Technical teams at the largest U.S. futures exchange later resolved the glitch that involved some Globex users being unable to enter or cancel currency orders, officials at the exchange said. Trading in the Japanese yen, Canadian dollar, Mexican peso, British pound, Swiss franc and EuroFX futures on Globex was shut by the problem. Source: http://www.reuters.com/newsArticle.jhtml?type=topNews&storyI D=8691957 6. June 02, ComputerWorld — Pharming attacks are soaring at an alarming rate, security experts say. Hackers today are committing fraud at alarming rates, using sophisticated, multilayered pharming botnets. Oliver Friedrichs, security manager at Symantec Corp.'s security response center, said the increase in pharming attacks has produced a steep rise in cybercrime statistics. The company's DeepSight global Internet sensor network recorded a 360% increase in phishing or pharming e−mails during the last half of 2004. Phishers are taking advantage of drive−by installations, Friedrichs said, injecting malware into some of the vulnerabilities identified in Internet Explorer, Mozilla and Firefox browsers. The drive−by browser exploits place the infected machines into remote−controlled zombie botnets. Dan Hubbard, director of research at Websense Inc., said the "profit motive for phishing is very sizable. The hit rate is high, and the financial returns are quite good" as phishers develop more−sophisticated, "all−in−one" payloads that can proxy a server with a fake Website, log keystrokes and redirect traffic. Pharming attacks are the most ominous, said Scott Chasin, chief technology officer at MX Logic. Pharming "shows a weakness in the infrastructure of the Internet and an inability to protect the application layer," Chasin said. Source: http://www.computerworld.com/securitytopics/security/cybercr ime/story/0,10801,102179,00.html 7. 3 June 02, Washington Post — Rule requires destruction of consumer data. A new federal rule that took effect on Wednesday, June 1, requires all businesses and individuals to destroy private consumer information obtained from credit bureaus and other information providers in determining whether to grant credit, hire employees or rent an apartment. Issued under orders from Congress, which was trying to crack down on identity theft, the Federal Trade Commission's new rule requires that personal information be burned, pulverized, shredded or destroyed in such a way that the information cannot be read or reconstructed. The rule also applies to electronic files, which must be erased or destroyed, and covers credit report data, credit scores, employment histories, insurance claims, check−writing histories, residential or tenant history and medical information. Federal Trade Commission information on new rule: http://www.ftc.gov/opa/2005/06/disposal.htm Source: http://www.washingtonpost.com/wp−dyn/content/article/2005/06 /01/AR2005060101940.html 8. June 02, UPI — Meth addicts top list of identity thieves. Police in Pierce County, WA, have found a 90−percent correlation between identity−theft cases and methamphetamine users. "The thing that is somewhat unique to identity theft is that it requires an almost absurd amount of hours and focus, which methamphetamine users have in abundance," said Mark Lindquist, team chief of the drug unit with the county prosecuting attorney. "We've seen methamphetamine users putting together papers that have been through shredders," said Lindquist. The wave of identity theft sweeping the area has prompted state and federal lawmakers to seek an investigation into its relationship to meth addiction. Source: http://washingtontimes.com/upi−breaking/20050602−121619−1786 r.htm [Return to top] Transportation and Border Security Sector 9. June 05, Washington Post — Efforts to repair aging system compound Metro's problems. Washington, DC's world−class subway system, which for three decades has shaped the metropolitan region and delivered thousands of commuters to work on time, has fallen into a decline −− and mismanagement has been a key factor, records show. Trains break down 64 percent more often than they did three years ago, and the number of daily delays has nearly doubled since 2000. Although the vast majority of trains are on time, more than 14,400 subway riders a day are inconvenienced by a delay or a mechanical problem that forces them off broken trains. Metro officials have spent nearly $1 billion in recent years to turn around the nation's second busiest subway system, but internal records show that the projects have created new problems. The public invested more than $10 billion to build the subway. As its lines have spread across Washington and its suburbs, the system has fueled population growth, revitalized neighborhoods and stitched together a diverse region. People increasingly depend on it; since 2000, ridership is up 18 percent to nearly 660,000 passengers daily. Christened in 1976 as "America's subway," Metro created cathedral stations lauded by architects and built a technically challenging, 106−mile subway with few construction problems. And on September 11, 2001, it proved critical to evacuating Washington. Source: http://www.washingtonpost.com/wp−dyn/content/article/2005/06 /04/AR2005060400350.html?sub=AR 4 10. June 03, Baltimore Sun (MD) — New X−ray machine increases Maryland port's security. With fears persisting that seaports are among the most vulnerable avenues for dangerous weapons to enter the country, and growing criticism of efforts to protect the borders, the port of Baltimore highlighted on Thursday, June 2, a piece of equipment that experts say can help. A powerful X−ray machine, called the Eagle, that can see through a foot of steel, bought by U.S. Customs and Border Protection for $6 million 18 months ago and brought to Baltimore in January, can scan up to 140 cargo containers a day at the state's marine terminals. Now between the new X−ray machine and an older, less powerful gamma ray machine more common at U.S. ports, officials are able to scan 14 percent of the containers that sail into the Baltimore port a year, about twice the national average. The Eagle is a 42−foot−long, 21−foot−high behemoth shaped like an upside−down U that slowly rolls on rubber tires over 20−foot and 40−foot metal containers on the pier. It can scan a 20−foot box in 30 seconds. Ships must notify Customs and the Coast Guard when they are ready to leave a foreign port or arrive in a U.S. port and provide information on crews and cargo. Source: http://www.baltimoresun.com/news/custom/attack/bal−bz.xray03 jun03,1,5166122.story?coll=bal−home−headlines&ctrack=1&cset= true 11. June 03, CNN — London to New York flight diverted after false alarm. A Virgin Atlantic flight from London, England, to New York City was diverted to Nova Scotia, Canada, on Friday, June 3, after sending out a hijack signal in what the airline and government officials called a "false alarm." Flight 045, an Airbus A340−600, with nearly 300 people on board, began sending a hijack signal mid−flight. Officials in Britain and the United States spoke with personnel onboard, who reported no problems with the flight. The plane was diverted to Halifax International Airport. Canadian F−18 fighter jets were sent to accompany the flight, a standard procedure when a hijack alert is sounded, said Gina Connell, spokesperson for Halifax International Airport. The fighter jets did not land in Halifax, but continued to a nearby air force base, she said. Passengers were "kept fully informed," Virgin Atlantic said in a statement. Virgin Atlantic spokesperson Brooke Lawer told CNN, "This was a false alarm. The transponder sent a false alert. We've been in communication with the captain who said everything is under control." An official with the British Aviation Authority also said it seemed the signal was sent out due to a mechanical error. FBI spokesperson Jim Margolin said controllers at New York’s JFK International Airport tower reached the pilot on the plane, who told them, "We're not being hijacked. Everything is A−OK." Source: http://www.cnn.com/2005/TRAVEL/06/03/flight.diverted/index.h tml 12. June 03, Department of Homeland Security — Nation’s busiest seaports to have complete radiation detection coverage. Department of Homeland Security (DHS) Secretary Michael Chertoff on Friday, June 3, announced that the nation’s busiest seaports −− Los Angeles/Long Beach, CA −− will have complete Radiation Portal Monitor (RPM) coverage by year’s end. Three terminal locations, at Piers 400, 300 and Trans Pacific, within the Port of Los Angeles are scheduled to go on−line by the end of June. A total of ninety RPMs, which will screen all international container traffic and vehicles exiting the facility for nuclear materials or hidden sources of radiation, will be operational by December 2005. RPMs are detection devices that provide U.S. Customs & Border Protection (CBP) officers with a passive, non−intrusive means to screen containers, vessels or vehicles for the presence of nuclear and radiological materials. These systems do not emit radiation but are capable of detecting various types of radiation 5 emanating from nuclear devices, dirty bombs, special nuclear materials, natural sources, and isotopes commonly used in medicine and industry. The LA/Long Beach Seaports receive approximately 44 percent of all sea cargo destined for the United States. More than 4.3 million foreign cargo containers arrived at the LA/Long Beach Seaports last year −− an average of one container every seven seconds. Source: http://www.dhs.gov/dhspublic/display?content=4530 13. June 03, USA TODAY — Hawaiian leads U.S. carriers in on−time ratings. Hawaiian Airlines officially emerged from bankruptcy protection on Wednesday, June 2, and then on Thursday, June 3, the carrier took the top spot on−time arrival rates when the Bureau of Transportation Statistics (BTS) released its April numbers. Buoyed by good weather on most of the routes it flies, 95.6% of Hawaiian's flights arrived on time in April, the last month for which statistics are available. Discount carrier ATA placed second in the monthly ratings with 89% of its April flights arriving on time. SkyWest, a commuter affiliate that operates flights for Continental, Delta and United, finished third with an on−time rating of 87.6%. At the other end of the spectrum, Alaska Airlines and JetBlue had the worst on−time ratings of the 19 large U.S. carriers that report to the BTS. Just 77% of those airlines' April flights arrived on time. Delta regional affiliate Atlantic Southeast had the third−worst on−time rating (77.3%). Department of Transportation BTS Ratings: http://www.dot.gov/affairs/dot8505.htm Source: http://www.usatoday.com/travel/news/2005−06−03−ontime−hawaii an_x.htm [Return to top] Postal and Shipping Sector 14. June 03, WAVY−TV (VA) — Legionnaires' disease strikes two Norfolk postal workers. Health officials are investigating after two workers at the main Norfolk, VA, postal facility recently contracted Legionnaires' disease. Officials say the two employees worked the same shift, and were both manual mail processors working in the same area. That area of the postal facility has been sealed off and a spokesperson says all the air vents in the building are being tested. Results should be known early next week. The post office remains open to the public. Postal authorities found out about the two employees' condition Wednesday, June 1, and notified other facility workers. Infection comes when humans breathe the mist that comes from a water source like an air conditioning system, hot tub, or shower that has been contaminated with the Legionella bacteria. Legionellosis is a bacterial infection that can cause a variety of illnesses. Some infected individuals may experience fever and muscle aches while others can develop flu−like symptoms. The more serious form of infection characterized by pneumonia is known as Legionnaires' disease. Legionnaires' Disease is treatable with antibiotics and does not generally pose a threat to the public. Source: http://www.wavy.com/Global/story.asp?S=3422690 [Return to top] Agriculture Sector 15. 6 June 03, Capital Press (OR) — Emergency vesicular stomatitis rule issued. The Washington State Department of Agriculture has issued an emergency rule governing the movement of livestock from states where vesicular stomatitis (VS) has been diagnosed. Horses, cattle, swine, goats, and sheep are prohibited from entering Washington state if they come from within 10 miles of where VS has been diagnosed within the past 30 days, according to the emergency rule. Livestock entering from a state where VS has been diagnosed within the past 30 days must have an import permit and an interstate health certificate from an accredited veterinarian. This spring, VS has been diagnosed in New Mexico, Arizona, and Texas. Vesicular stomatitis spreads relatively easily. Once introduced into a herd, VS is transmitted by contact or exposure to saliva or fluid from ruptured lesions. Affected animals have blisters in the mouth, on the udder or on feet. Excessive salivation often occurs, and complications can include secondary bacterial infections, malaise, and mastitis. Source: http://www.capitalpress.info/main.asp?SectionID=67&SubSectio nID=782&ArticleID=17614&TM=29005.88 16. June 03, Pennsylvania Department of Agriculture — Pennsylvania announces plum pox detection. Pennsylvania Agriculture Secretary Dennis Wolff Friday, June 3, announced the first detection of Plum Pox Virus for 2005. Plum Pox is a virus that severely decreases fruit production. “Our testing laboratory has confirmed the presence of Plum Pox Virus in a single tree in a four acre block of commercial peaches,” Wolff indicated. “The trees are in the already quarantined portion of Menallen Township, Adams County.” Wolff added that the Department will follow its standard procedure of establishing a 500−meter radius buffer zone around the infected block and ordering removal and destruction of all virus−susceptible stone fruit trees in the buffer zone. Two additional blocks of peach trees totaling about 10 acres will also have to be removed as a result of this detection. Only one commercial grower has been impacted by this find. Source: http://www.agriculture.state.pa.us/agriculture/cwp/view.asp? Q=134795&A=390 [Return to top] Food Sector Nothing to report. [Return to top] Water Sector 17. June 03, The Monitor (TX) — Texas water plant determined to protect area water supply. The municipal water plant is not one of the places people can freely visit if they want to contribute to the city’s tourism dollars. But it is one of the locations Edinburg, TX leaders want to keep safe in an ongoing effort at fighting terrorism on the home front. The city, along with others in Texas, have access to training and programs enabling municipal workers to better understand what must be done to enhance safety and security to keep its water supply safe. The plant has a 6−foot−tall chain link fence topped by barbed wire. Barriers will be used to block drivers, but special access will be granted to people living on a closed road beside the plant. The Department of Homeland Security (DHS) set forth requirements in its 2002 Bioterrorism 7 Act mandating what utility plant owners had to do to keep water and sewage supplies safe from terrorists. DHS has required utility plant owners to perform a vulnerability assessment plan that must be periodically updated to determine what security aspects had to be improved. The report is not public record because it is protected under the Texas Homeland Security Act, according to the Texas Attorney General’s Office in Austin. Source: http://www.themonitor.com/SiteProcessor.cfm?Template=/Global Templates/Details.cfm&StoryID=7524&Section=Valley 18. June 02, Associated Press — Wet winter eases southwest drought. An unusually wet winter has led to the easing of the drought across much of the Southwest, officials said Thursday, June 2. With runoff from heavy snow feeding reservoirs, conditions in most of the region have been upgraded from drought to abnormally dry, officials said. "We had this great winter, with lots of snow and rain," said Michael Hayes, climate impacts specialist at the University of Nebraska−Lincoln's National Drought Mitigation Center. "All of the Southwest has recovered significantly from the drought conditions. Parts of the Southwest have recovered completely." However, more rain is needed to fill regional reservoirs. Water levels remains below capacity at Lake Powell, Lake Mead and at most reservoirs in New Mexico. Varying degrees of drought continue elsewhere in the West and Southwest, including in northeastern Arizona and northwestern New Mexico. Source: http://www.washingtonpost.com/wp−dyn/content/article/2005/06 /02/AR2005060201652.html [Return to top] Public Health Sector 19. June 02, Associated Press — Whooping cough booster shot appears safe. An experimental booster shot designed to protect adults and adolescents from whooping cough proved safe and effective in a study released Thursday, June 2, offering a vital new tool for fighting a dangerous resurgence of the disease over the past few years. The vaccine, developed by Sanofi Pasteur and already widely given to teenagers in Canada, appears likely to win U.S. government approval later this month. The vaccine is needed "to prevent the disease in teenagers and adults themselves and, secondly, take away their ability to be contagious," said Michael E. Pichichero, a professor at the University of Rochester Medical Center who has headed clinical trials into the vaccine since 2001. "We're trying to stop an epidemic." Cases of whooping cough, an ancient scourge that effective vaccination of babies and toddlers was meant to wipe out, have quadrupled in the U.S. over the past three years to 18,957 cases in 2004. It turns out the vaccine that babies get starts wearing off by adolescence. The study indicated that the booster shot should be at least 83 percent effective at preventing severe illness in adults and adolescents, though no one yet knows how long the renewed immunity will last. Vaccine study: http://jama.ama−assn.org/cgi/content/full/293.24.3003v1 Source: http://news.yahoo.com/s/ap/20050603/ap_on_he_me/whooping_cou gh_vaccine;_ylt=AiqiGlLGAsQEhgEPdbeqLUdZ24cA;_ylu=X3oDMTBiMW 04NW9mBHNlYwMlJVRPUCUl 20. June 02, National Institute of Allergy and Infectious Diseases — Variant prion causes infection but no symptoms. Abnormal prion proteins are little understood disease agents 8 involved in causing brain−wasting diseases such as Creutzfeldt−Jacob disease in humans, mad cow disease in cattle, and chronic wasting disease in deer. New research suggests that a variant form of abnormal prion −− one lacking an “anchor” into the cell membrane—may be unable to signal cells to start the lethal disease process, according to scientists at the Rocky Mountain Laboratories, part of the National Institute of Allergy and Infectious Diseases (NIAID). “This work provides novel insights into how prion and other neurodegenerative diseases develop and it provides clues as to how we might delay or even prevent such diseases by preventing certain cellular interactions,” notes NIAID Director Anthony S. Fauci. The research team exposed two groups of mice to different strains of the agent that causes scrapie, a brain−wasting disease of sheep. Within 150 days of being inoculated with the natural form of scrapie prion protein, all 70 mice in the control group showed visible signs of infection. In contrast, the scientists observed 128 transgenic mice −− those engineered to produce prion protein without a glycophosphoinositol cell membrane anchor −− for 500 days and saw no signs of scrapie disease. Microscopic examinations; however, confirmed that they produced an abnormal form of prion protein and had brain lesions. Source: http://www2.niaid.nih.gov/newsroom/Releases/variant_protein. htm 21. June 02, Howard Hughes Medical Institute — Virus uses tiny RNA to evade the immune system. In the latest version of the hide−and−seek game between pathogens and the hosts they infect, researchers have found that a virus appears to cloak itself with a recently discovered gene silencing device to evade detection and destruction by immune cells. The report by Howard Hughes Medical Institute (HHMI) researchers may be the first to show how a virus uses the gene silencing machinery for its own infectious purposes. In people, plants, and worms, hundreds of tiny RNA molecules can silence specific genes by interfering with larger messenger RNAs (mRNAs). That interference prevents mRNAs from making proteins. Scientists do not know which genes are hushed by the micro RNAs in people, but the new study bolsters growing evidence that the tiny molecules can play important roles not only in normal human cells but in infected cells as well. “A popular notion is that the whole system of generating small RNAs was designed to be a defense by cells against viruses. Our study shows that a virus can also adapt it to evade the immune response,” said Don Ganem, HHMI investigator. Source: http://www.hhmi.org/news/ganem3.html [Return to top] Government Sector Nothing to report. [Return to top] Emergency Services Sector 22. June 03, Associated Press — Fort Lauderdale prepares for massive security operation at Convention Center. When the Organization of American States General Assembly begins meets June 5−7, at the Broward County Convention Center in Fort Lauderdale, representatives of more than 26 local, state and federal authorities will be running a massive security operation 9 in Fort Lauderdale. Their challenge: Find the right balance between keeping the public safe and not stifling the rights of protesters, who could number in the thousands. "We anticipate a peaceful weekend," said Fort Lauderdale police Sgt. Andy Pallen. Law enforcement agencies have conducted field training, developed detailed strategies and rehearsed countless "What if?" scenarios so that nothing −− be it a terrorist attack or violent protests−− takes them by surprise. The OAS security operation will be one of the biggest in the United States this year, on par with events such as the Super Bowl and the United Nations General Assembly in New York, said Ed Moreno, special agent in charge at the State Department's Diplomatic Security Service field office in Miami. Source: http://www.securityinfowatch.com/article/article.jsp?siteSec tion=306&id=4253 23. June 03, Hattiesburg American (MS) — Mock anthrax attack prepares hospital for real thing. Decontamination specialists utilize pressurized hoses Thursday, June 2, to wash away the fictional anthrax that covered nurse Eric Peters under a Hazmat tent at Forrest General Hospital in Hattiesburg, MS, during a simulated anthrax attack. Hours after a mysterious aerosol spray filled the air at a junior college graduation on Thursday, about 150 people with flu−like symptoms flooded Forrest General Hospital desperately looking for help. But the patients didn't have the flu. They were victims of an anthrax attack −− actually, a mock anthrax attack designed to teach hospital volunteers what they should do in the event of an actual biological or chemical terrorist strike. Mack Strider, emergency response coordinator for the Mississippi Department of Health, said numerous trains traveling through the state carry chlorine and other hazardous chemicals. In most cases, Strider said, victims will be decontaminated once at the site of accidents or attacks and then again at Forrest General. He said that ensures no toxins enter the hospital. "You can't let anything get into the hospital," Strider said. "If something does, you really have some problems." Source: http://www.hattiesburgamerican.com/apps/pbcs.dll/article?AID =/20050603/NEWS01/506030304/1002 [Return to top] Information Technology and Telecommunications Sector 24. June 03, Associated Press — Microsoft says MSN Website hacked in South Korea. Microsoft acknowledged Thursday, June 2, that hackers booby−trapped its popular MSN Website in South Korea to try to steal passwords from visitors. The company said it was unclear how many Internet users might have been victimized. Microsoft said it cleaned the Website, http://www.msn.co.kr and removed the dangerous software code that unknown hackers had added earlier this week. A spokesperson, Adam Sohn, said Microsoft was confident its English−language Websites were not vulnerable to the same type of attack. The Korean site, unlike U.S. versions, was operated by another company Microsoft did not identify. Microsoft's own experts and Korean police authorities were investigating, but Microsoft believes the computers were vulnerable because operators failed to apply necessary software patches, said Sohn, an MSN director. MSN Korea said the only site affected by the hacking was the MSN Korea news site: http://news.msn.co.kr Source: http://www.washingtonpost.com/wp−dyn/content/article/2005/06 /02/AR2005060201604.html?nav=hcmodule 10 25. June 03, BBC News (UK) — Fake Osama bin Laden e−mail hides virus. Users are being warned not to open junk e−mail messages claiming Osama bin Laden has been captured. The messages claim to contain pictures of the al Qaeda leader's arrest but anyone opening the attachment will fall victim to a Microsoft Windows virus. Since June 1, anti−virus companies have been catching the junk mail messages in large numbers. Anyone opening the attachments or visiting the Website will get a version of the Psyme trojan installed on their PC. The vulnerability exploited by Psyme is found in Windows 2000, 95, 98, ME, NT, XP and Windows Server 2003. Users are urged to update their version of Windows to close the loophole. Source: http://news.bbc.co.uk/1/hi/technology/4607203.stm Internet Alert Dashboard DHS/US−CERT Watch Synopsis Over the preceding 24 hours, there has been no cyber activity which constitutes an unusual and significant threat to Homeland Security, National Security, the Internet, or the Nation's critical infrastructures. US−CERT Operations Center Synopsis: US−CERT reports a heap−based buffer overflow that affects the PHP 'pack()' function call. An attacker that has the ability to make the PHP interpreter run a malicious script may exploit this condition to execute arbitrary instructions in the context of the vulnerable process. This function allows a malicious programmer to set references to entries of a variable hash that have already been freed. This can lead to remote memory corruption and may allow them to gain access to potentially sensitive information, such as database credentials. Current Port Attacks Top 10 Target Ports 135 (epmap), 445 (microsoft−ds), 1026 (−−−), 1027 (icq), 1433 (ms−sql−s), 1434 (ms−sql−m), 4899 (radmin), 139 (netbios−ssn), 1028 (−−−), 25 (smtp) Source: http://isc.incidents.org/top10.html; Internet Storm Center To report cyber infrastructure incidents or to request information, please contact US−CERT at soc@us−cert.gov or visit their Website: www.us−cert.gov. Information on IT information sharing and analysis can be found at the IT ISAC (Information Sharing and Analysis Center) Website: https://www.it−isac.org/. [Return to top] Commercial Facilities/Real Estate, Monument &Icons Sector 26. June 04, St. Petersburg Times (FL) — Terrorism fears halt Florida port fireworks. Last week, the Coast Guard captain responsible for Florida's Tampa Port Authority turned down a request from a downtown business group to open the waterfront for fireworks on Friday evenings from June through August. The conflict involves a long concrete wharf for cruise ships at the port. Running from behind the Channelside entertainment complex to the Florida Aquarium, the wharf is closed off to the public by a high metal fence. U.S. Customs regulations require access to the area be restricted during cruise ship calls to make sure undocumented 11 people and cargo don't get on or off the vessel. For the second year, the Coast Guard has agreed to fireworks displays on the Channel District waterfront for four holidays: Memorial Day and Labor Day weekends, the Fourth of July and New Year's Eve. Port Capt. Mike Farley wrote the merchants group May 23 that the weekly events would "create a repetitive and predictable diversion terrorists could exploit to mask their activities." The port authority and local law enforcement agencies provide enough extra security to make the holiday events secure, Farley said. But holding fireworks every week could "desensitize" officers and let terrorists blend in with bystanders. Cruise ships carrying upwards of 3,000 passengers and crew are considered prime terrorist targets. Source: http://www.sptimes.com/2005/06/04/Business/Terrorism_fears_h alt_.shtml 27. June 03, USA TODAY — Schools restrict use of Tasers. Dozens of incidents in which police officers have used electric stun guns to subdue unruly students have led school officials around the U.S. to restrict the use of the devices on campus. The Taser is relatively safe compared with other objects that can transmit electricity to humans, says Vincent Amuso, associate head of electrical engineering at the Rochester Institute of Technology. What makes the Taser less harmful is the short length of time it is held against the body, he says. Some people think of electricity in terms of volts, but voltage is actually a measure of how much electricity can be moved. Schools in St. Paul, MN, and elsewhere have joined Miami−Dade, FL, in limiting stun guns. St. Paul's school board voted in May to allow officers in schools to use them on students only in life−threatening situations. In Jacksonville, FL, Sheriff John Rutherford is holding 16 town meetings on stun guns in schools to help him set a policy for the next school year. He says he is inclined to allow their use in schools — but only when lethal force is justified. Source: http://www.usatoday.com/news/nation/2005−06−03−taser_x.htm [Return to top] General Sector Nothing to report. [Return to top] DHS/IAIP Products & Contact Information The Department of Homeland Security's Information Analysis and Infrastructure Protection (IAIP) serves as a national critical infrastructure threat assessment, warning, vulnerability entity. The IAIP provides a range of bulletins and advisories of interest to information system security and professionals and those involved in protecting public and private infrastructures: DHS/IAIP Daily Open Source Infrastructure Reports − The DHS/IAIP Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open−source published information concerning significant critical infrastructure issues. The DHS/IAIP Daily Open Source Infrastructure Report is available on the Department of Homeland Security Website: http://www.dhs.gov/iaipdailyreport Homeland Security Advisories and Information Bulletins − DHS/IAIP produces two levels of infrastructure warnings. Collectively, these threat warning products will be based on material that is 12 significant, credible, timely, and that addresses cyber and/or infrastructure dimensions with possibly significant impact. Homeland Security Advisories and Information Bulletins are available on the Department of Homeland Security Website: http://www.dhs.gov/dhspublic/display?theme=70 DHS/IAIP Daily Open Source Infrastructure Report Contact Information Content and Suggestions: Subscription and Distribution Information: Send mail to dhsdailyadmin@mail.dhs.osis.gov or contact the DHS/IAIP Daily Report Team at (703) 983−3644. Send mail to dhsdailyadmin@mail.dhs.osis.gov or contact the DHS/IAIP Daily Report Team at (703) 983−3644 for more information. Contact DHS/IAIP To report physical infrastructure incidents or to request information, please contact the National Infrastructure Coordinating Center at nicc@dhs.gov or (202) 282−9201. To report cyber infrastructure incidents or to request information, please contact US−CERT at soc@us−cert.gov or visit their Web page at www.us−cert.gov. DHS/IAIP Disclaimer The DHS/IAIP Daily Open Source Infrastructure Report is a non−commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material. 13